> > > we wouldn't have been hacked in April if we weren't using
> > > IIS (!).
> >
> > If you were hacked in April, it might have been because you
> > didn't configure IIS properly, not just because you were using
> > IIS.
>
> We were hacked because of a vulnerability that wasn't patched
> until the day _after_ we were hacked. Of course we didn't
> discover it for a while...

What specific vulnerability was that? Most IIS vulnerabilities entail
services and functionality that can and should be disabled for public web
servers. If configured properly, you can avoid these vulnerabilities even if
patches don't exist for them.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444

